I have a Square Account. I also have a web page. On this web page, I'm collecting credit card details (name, number, expiration date, cvv). I want to charge the user an amount against the credit card details they've provided. I thought that Square had an API that allowed this. However, I don't see it. It looks like everything has to be done on the server.
Isn't there a way to securely do this from JavaScript purely on the client-side? It seems riskier to send details over the internet to a server, just to pass that information onto Square.
At this time, I have the following:
var creditCardNumber = '....';
var creditCardHolderName = 'Joe Smith';
var creditCardExpiration = '10/2020';
var creditCardCvv = '...';
var purchaseAmount = 50.50;
Is there a way to charge the purchaseAmount against the user's credit card using JavaScript on the client-side via Square? If so, how?
Thank you
You can't cut your own server out of the equation entirely. That would mean you would never get to know about the order. Money would just appear in your account.
You shouldn't be collecting credit card information though. Look at the Square Documentation for online transactions.
As part of the process, the user is redirected to Square's website where the credit card information is collected. You never need to send the credit card details to your server.
Merchant - Create a POST request:
Package the order information as a JSON message. NOTE: Currently, Square Checkout cannot calculate shipping costs or taxes dynamically, those totals must be provided in the POST request as line items in the order.
Add an authorization token to the header.
Merchant - Send the generated POST request to Square Checkout and process the response:
Save the returned checkout ID.
Automatically redirect the customer to the returned Checkout page URL.
Customer - Provide payment details using the Square Checkout UI.
Square Checkout - Process the transaction and send email confirmation to merchant and customer.
Merchant - Verify the transaction results.
To process the payment you probably need to send some API credentials which wouldn't be safe to show on your frontend. That's why you may need some backend for that.
And of course you would allow the customer to change the payment amount, which usually isn't OK.
Square documentation has got a few nice diagrams and images showing how their API works and how to understand integrating it, e.g.
Take a look at "Get started" guide on their website, especially how it works.
Unfortunately, I am unable to find the specific documentation you would need to do this. It appears you need to log into the developer portal using your account credentials. If you are unable to find the documentation you need then you should reach out to Square support. That being said, I can give you some basic guidance.
DO NOT store any credit card information in your website. Do not store it in JavaScript variables, send it to your server, or store it in any database. There is specific code Square will have you use that keeps that data secure and ensures it is only ever shared with Square.
Try digging around in the documentation of the product you're trying to use. What you are trying to accomplish should be found in some kind of "Setup" or "Get Started" type documentation that will be prominently displayed.
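The "Merchant - Create a POST request" step from the answers above, as an added example that is not from the thread or from Square: the server prices the order from its own catalogue, so an amount edited in the browser is never used, and the access token is attached server-side only. The catalogue, function names and request field names are assumptions modelled on Square's Checkout API and should be checked against the current documentation.

```javascript
// Added example: build a Square Checkout request on the server.
const { randomUUID } = require('node:crypto');

// Constructed catalogue. Prices are kept server-side, in cents.
const CATALOG = new Map([
  ['sku-mug', { name: 'Mug', cents: 1250 }],
  ['sku-shirt', { name: 'Shirt', cents: 2525 }],
]);

// Build the order from SKU and quantity only. Any price or total sent by
// the browser is ignored, so editing it client-side changes nothing.
function buildCheckoutRequest(cart, redirectUrl, shippingCents = 0) {
  if (!Array.isArray(cart) || cart.length === 0) throw new Error('empty cart');
  const lineItems = cart.map(({ sku, quantity }) => {
    const item = CATALOG.get(sku);
    if (!item) throw new Error(`unknown sku: ${sku}`);
    if (!Number.isInteger(quantity) || quantity < 1 || quantity > 100) {
      throw new Error(`bad quantity for ${sku}`);
    }
    return lineItem(item.name, quantity, item.cents);
  });
  // Shipping and tax have to be sent as line items (see the quoted NOTE).
  if (shippingCents > 0) lineItems.push(lineItem('Shipping', 1, shippingCents));
  // Field names below are assumptions modelled on Square's Checkout API.
  return {
    idempotency_key: randomUUID(), // a retried POST must not create a second checkout
    redirect_url: redirectUrl,
    order: { line_items: lineItems },
  };
}

function lineItem(name, quantity, cents) {
  return {
    name,
    quantity: String(quantity),
    base_price_money: { amount: cents, currency: 'USD' },
  };
}

// Expected total in cents, for the "verify the transaction results" step.
function orderTotalCents(request) {
  return request.order.line_items.reduce(
    (sum, li) => sum + Number(li.quantity) * li.base_price_money.amount, 0);
}

// The access token comes from the server environment, never from page script.
function toHttpRequest(request, accessToken) {
  const headers = { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' };
  return { method: 'POST', headers, body: JSON.stringify(request) };
}
```

Store the checkout ID returned by Square next to `orderTotalCents(request)` so the verification step can compare the reported amount with the expected one.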
Related
I've saved the credit card for later usage with SetupIntent to the customer. Let's say that the user wants to edit his card (expiration/cvc/billing, etc..) after 5 days.
What would be the workflow for it?
Documentation got me confused because they propose to create a new SetupIntent and attach it to the customer. If that's so, what should we do with the previously added card?
For very good privacy reasons, there's very little you can "edit" on a user's payment methods. Stripe allows an almost unlimited number of paymentMethods attached to a customer. The recommended flow (as I also answered on Discord) is to attach the new paymentMethod - you can simply delete the previous one(s). When you query the API for a customer's payment Methods (list), they are returned in reverse chronological order - the first one is the most recent.
I want to charge a saved card in Stripe. But while charging the saved card I also want the user to enter the CVV, just as an additional check (kind of like what happens on Amazon).
So far I've tried payment intent and payment method. So while creating the payment intent I'll pass the payment method id, which is in format of card_***. And I can see that the payment_intent.succeeded event on stripe dashboard and even in webhook. But in this flow I'm unable to ask the user for CVV information.
Is there any way to achieve this through Stripe?
Here's some useful links that I found.
payment method
This is the link that I followed to achieve, it's just that I also want to ask for CVV before actual charging.
stripe doc for charging saved card
It is possible to recollect the CVC from your customer. As you mentioned, you’ll reuse the existing Payment Method, but additionally you’ll include a cardCvc element on the page where your customer can provide the CVC for their card. Then when you’re making the call to confirm the payment, you’ll pass that element into the payment_method_options.card.cvc parameter.
This is covered in more detail here:
https://stripe.com/docs/payments/save-during-payment-cards-only#web-recollect-cvc
There are 4 easy steps described in the documentation about account linking for the messenger platform:
Register a callback URL using Log In Button.
Messenger Platform invokes the registered URL when a user starts the account linking flow. The redirect_uri and account_linking_token parameters are appended to your registered callback.
Once linking is complete, redirect users to the location provided by redirect_uri and append an authorization_code parameter (defined by you) to confirm linking.
Optionally retrieve the user's page-scoped ID (PSID) using the account linking endpoint. This step should only be used in special cases when you need the user's PSID as part of the linking process.
These steps are very easy to follow, except there's no help whatsoever on how to actually link the account, I get the redirect_uri and the account_linking_token as parameters on my callback website where I enter the account login and password.
And then, I link the accounts...? How exactly?
What's the use on this button? I know it is supposed to link accounts, but what do I need the account_linking_token for? I can already send in a regular web_url button the user psid, I can easily send it on my login button as a parameter and link account to this psid if credentials are correct.
I strongly believe there's something I'm missing or something I'm not understanding, but I don't know what. I followed the steps, called the account linking endpoint to get the PSID, which I already had since it is how I send messages with my bot, but I don't really see the point on this button.
So, what am I missing? I'm so frustrated.
Just been through a similar bit of head scratching, so will explain what I've done while it's fresh in my head.
For my example, I wanted Facebook to redirect out to my main login page, which is an open id connect implementation. The customer signs in to this, and I get an id_token and access_token back from that. Upon receiving the access_token, I'm extracting the 'sub' claim from the JWT, which is the unique customer identifier in our database.
I'm then redirecting back to the value that was sent to me in redirect_uri, appending authorization_code={the-value-of-the-sub-claim}
This then triggers the 'account link' webhook, which will Post to my service code, containing the PSID of the Facebook user and the authorization_code, which is my unique customer id in my business database.
You now have the 2 bits of information you need, the unique facebook id and your unique customer id in the Post message. It's up to your business code to persist this information to some sort of storage at this point
On subsequent message posts to the Bot endpoint, you always have the sender (PSID) in the message. Your code can now look up the corresponding id specific to your business and perform operations relevant for that id.
Where the linking takes place - that's in your code, you need to handle the message from the account link webhook and store the data for future use.
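A sketch of the linking step described above, as an added example rather than the answerer's code: it sends a random single-use code as authorization_code and resolves it to the customer id when the webhook arrives, so the internal identifier never appears in the redirect URL. The in-memory maps, function names and the webhook event field names are assumptions for illustration.

```javascript
// Added example: account linking with an opaque, single-use authorization_code.
const { randomBytes } = require('node:crypto');

const CODE_TTL_MS = 5 * 60 * 1000;
const pendingCodes = new Map(); // code -> { customerId, expiresAt }
const links = new Map();        // PSID -> customerId (use durable storage in practice)

// Call after the customer has signed in on your callback page.
// Returns the URL to redirect to: redirect_uri plus authorization_code.
function completeLogin(customerId, redirectUri, now = Date.now()) {
  const code = randomBytes(32).toString('hex'); // unguessable, reveals nothing
  pendingCodes.set(code, { customerId, expiresAt: now + CODE_TTL_MS });
  const url = new URL(redirectUri);
  url.searchParams.set('authorization_code', code);
  return url.toString();
}

// Call from the account link webhook handler. The event shape
// (sender.id, account_linking.status, account_linking.authorization_code)
// is an assumption about the webhook payload.
function handleAccountLinkEvent(event, now = Date.now()) {
  const psid = event.sender && event.sender.id;
  const linking = event.account_linking || {};
  if (!psid || linking.status !== 'linked') return false;
  const pending = pendingCodes.get(linking.authorization_code);
  pendingCodes.delete(linking.authorization_code); // single use, even on failure
  if (!pending || pending.expiresAt < now) return false;
  links.set(psid, pending.customerId);
  return true;
}

// On later bot messages, map the sender's PSID back to the customer.
function customerForSender(psid) {
  return links.get(psid) ?? null;
}

// Constructed sample run.
const sampleUrl = completeLogin('cust-demo', 'https://messenger.example/link?account_linking_token=TOKEN');
const sampleCode = new URL(sampleUrl).searchParams.get('authorization_code');
handleAccountLinkEvent({
  sender: { id: 'psid-demo' },
  account_linking: { status: 'linked', authorization_code: sampleCode },
});
console.log(customerForSender('psid-demo')); // cust-demo
```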
I have read almost everything there is on the Internet (almost no examples) and studied the (very limited and confusing) documentation.
I have a client where I am integrating Payone, and I am not getting any further.
So I used the API client documentation and integrated the iframe client api example with creditcardcheck on page 35 (chapter 3.1.5.5). This works fine I receive the answer and a pseudocardpan.
As explained in the quick start guide, I then start the "preauthorization", using the server api with the pseudocardpan. I send all the necessary parameters again, and I end up on the server payone with status = approved .
I assume this is then successful. However, what or how should I proceed? What is the transactionUrl for? Maybe someone has experience with Payone.
Sorry to hear you're having a tough time implementing a Payone interface. We are currently working on providing more insightful examples. Please bear with us for a little longer.
Meanwhile, I'll gladly help you with continuing your integration. After the successful preauthorization, you'll need to store the txid for further reference to this transaction. To collect the money from the creditcard, you'll need to send a capture request with the amount you wish to collect and the txid as a reference (see the docs for a full list of required parameters).
If you don't want to send a capture request afterwards (for instance if you want to collect the entire amount immediately after the customer completed their order) you can send an authorization request instead of the preauthorization and leave out the capture part.
The transaction status URL is used to asynchronously inform your application about status changes in Payone transactions. For instance in a prepayment setting we'll send a PAID notification as soon as the customer paid the amount to your bank account.
Best,
Florian (Technical Partner Manager # Payone)
I understand that once the response comes back that it has been approved, then it is approved - all the details were correct and authorisation was successful.
If you are doing a preauthorization then you will need to follow that with a capture to actually take the payment. In some legislative environments, for example many US states, you cannot capture the payment until you finally ship the goods from an online shop.
If that is not a problem (e.g. paying invoices, running an online shop in the UK), then use authorization, which does a preauthorization and capture all in one step. Apart from the name of the request, the details of the message you send are identical.
What I'd need it to do is log in to another website's account and look up prices for items as they apply to that user. This is because the users may have specific contract deals that give them cheaper prices. I'd then need to show all of the results side by side and maybe link to the company offering the price, but it wouldn't have to do any more than that (like buying etc). I am familiar with HTML, CSS and PHP, but please tell me if I need to learn another language, frameworks I can start with etc. Thanks.
You will have to check with "another website" about availability of API for finding the information you need.
Generally, if an API is available, you will be able to get the profile or account info to find out the group of the user (if the discounts are provided to groups, like "beginner" get 5%, "advanced" get 10% rates), or activity (make 500 posts on the forum - get 10%, buy 10000$ worth of products within a year - get 15% discount), etc. After that you might get another API function to use which will give you the product info and the actual price for the user.
If API is not available, you will need to find out what is available.
The worst way in terms of the work required for programming etc. - you have to use pure PHP or perhaps some browser-imitating library to manually authorize with your users' login and password, store the session and browse the "another website". But a question here - will your users provide you with their login and password for "another website"?
At this point it isn't a PHP, Javascript or anything else question. It is a question of how you can get your data.